Docs

DNS Overview

Suggest Edits

Preview

Overview

Purpose: The DNS Overview dashboard provides insights into DNS query patterns, failures, and domain usage. This dashboard is essential for network administrators to monitor DNS traffic, detect potential issues, and optimize DNS performance.

Components: The dashboard consists of the following visualizations:

  • Domain Cardinality
  • Host Cardinality
  • Query Cardinality
  • Query Depth (Avg)
  • Answer Count (Avg)
  • DNS Queries/Sec
  • DNS Query Rate by VPC
  • DNS Timeouts
  • Top External Domains
  • Top Cloud Services
  • Top IPs Querying Non-Existent DNS Records
  • Top Queries Generating NXDOMAIN
  • Rcodes
  • Queries by Domain
  • Queries by Type
  • Top TLD

Getting Here

  1. From the main menu, go to Dashboards > All.
  2. Select the System tab from the top navigation.
  3. Click on DNS Overview.

Main Points

Usage Scenarios: This dashboard is useful for monitoring DNS performance, identifying problematic domains, and analyzing DNS query behaviors. It helps administrators detect DNS-related issues that may affect network performance.

Best Practices: Regularly review the DNS query rates and external domains for abnormal activity. Monitor timeouts and NXDOMAIN responses to identify DNS issues promptly.

Charts

Domain Cardinality

Description: A line chart showing the cardinality of DNS queries by domain over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Cardinality by domain.

Usage: Track the diversity of queried domains, which may indicate unusual patterns or an increase in domain lookups.

Host Cardinality

Description: A line chart displaying the number of unique hosts querying DNS records over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Cardinality by host.

Usage: Use this chart to monitor host activity and identify potential spikes in DNS requests from multiple sources.

Query Cardinality

Description: A line chart tracking the number of unique DNS queries over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Cardinality of queries.

Usage: This chart helps detect variations in DNS query patterns, useful for identifying abnormal behavior.

Query Depth (Avg)

Description: A line chart displaying the average depth of DNS queries over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Query depth.

Usage: Helps in understanding query complexity, which could indicate unusual or potentially malicious activity.

Answer Count (Avg)

Description: A line chart showing the average number of answers in DNS query responses over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Average answer count.

Usage: Monitor this chart to observe the response size, which may reveal abnormal DNS responses.

DNS Queries/Sec

Description: A line chart representing the DNS query rate per second.

Key Elements:

  • X-axis: Time.
  • Y-axis: Queries per second.

Usage: This metric is useful for tracking the overall DNS load, identifying peaks in query rates, and detecting performance issues.

DNS Query Rate by VPC

Description: A line chart displaying the DNS query rate segmented by VPC (Virtual Private Cloud).

Key Elements:

  • X-axis: Time.
  • Y-axis: Query rate segmented by VPC.

Usage: Helps in monitoring DNS usage across different VPCs, allowing administrators to assess resource utilization.

DNS Timeouts

Description: A line chart that shows the number of DNS timeouts over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Timeout count.

Usage: Use this chart to identify DNS requests that have timed out, which may indicate connectivity or server issues.

Top External Domains

Description: A list showing the most frequently queried external domains.

Key Elements:

  • Entries: List of domains with associated query counts.

Usage: Identify popular external domains in DNS queries, which is useful for security and traffic monitoring.

Top Cloud Services

Description: A pie chart representing queries by top cloud service hosts.

Key Elements:

  • Segments: Each segment represents a cloud service host.

Usage: Helps in identifying cloud services that are frequently accessed via DNS queries.

Top IPs Querying Non-Existent DNS Records

Description: A bar chart displaying IPs that frequently query non-existent DNS records.

Key Elements:

  • X-axis: IPs.
  • Y-axis: Query count for non-existent records.

Usage: Useful for identifying IPs with high NXDOMAIN responses, which may indicate misconfiguration or malicious activity.

Top Queries Generating NXDOMAIN

Description: A table showing the top DNS queries that generated NXDOMAIN responses.

Key Elements:

  • Columns: Displays query name and percentage of NXDOMAIN responses.

Usage: Helps identify DNS queries that frequently fail, which may indicate incorrect configurations.

Rcodes

Description: A line chart showing DNS response codes over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Query count per response code (e.g., NXDOMAIN, NOERROR).

Usage: Monitor this chart to identify error patterns in DNS responses.

Queries by Domain

Description: A line chart representing the query rate by specific domains over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Query rate by domain.

Usage: Useful for tracking DNS requests to specific domains, which can aid in traffic analysis and monitoring.

Queries by Type

Description: A line chart showing DNS query types (e.g., A, AAAA, SRV) over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Query count by type.

Usage: Helps identify the types of DNS queries being requested, useful for understanding DNS traffic composition.

Top TLD

Description: A pie chart showing the distribution of queries by top-level domains (TLDs).

Key Elements:

  • Segments: Each segment represents a TLD, with size reflecting query volume.

Usage: Useful for analyzing DNS queries based on TLDs, providing insights into domain patterns in traffic.

Interpreting the Data

DNS Load: The DNS Queries/Sec and DNS Query Rate by VPC charts indicate the DNS load, helping administrators detect periods of high DNS activity.

Timeouts and Errors: The DNS Timeouts and Rcodes charts are critical for identifying DNS failures, which may signal connectivity or configuration issues.

Popular Domains and Services: The Top External Domains and Top Cloud Services charts reveal the most accessed external resources, useful for assessing network usage and identifying potential risks.

Additional Features

Metric Selection: Users can choose specific metrics, such as bitrate, to customize the dashboard view.

Time Range: Adjustable time ranges allow for focused analysis of DNS trends over specific periods.

Interactive Elements: Hovering over data points in the charts provides additional information, facilitating in-depth data exploration.

Updated 5 days ago